+1 Recommend
1 collections

      Celebrating 65 years of The Computer Journal - free-to-read perspectives - bcs.org/tcj65

      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      Performance of Firewalls for Industrial Applications

      a , a , a , b , a , a
      4th International Symposium for ICS & SCADA Cyber Security Research 2016 (ICS-CSR)
      Cyber Security Research
      23 - 25 August 2016
      industrial firewalls, industrial communications, performance measurements, cybersecurity, Modbus/TCP


            The increased exposure of industrial control systems to cyber threats and attacks demands for the deployment of adequate security countermeasures. Specialised firewalls, able to recognise and inspect traffic concerning special-purpose communication protocols adopted in industrial environments, are one of the basic solutions that have started spreading on the market. This paper deals with the performance evaluation of two commercial firewalls designed for industrial applications. Our analysis is mainly based on the measurement of typical parameters that are relevant for the considered application scenario. A more conventional device has also been considered in the experimental campaign so as to provide a reference comparison with a well-assessed and general-purpose product. In particular, the paper focuses on the firewall packet inspection capabilities for the Modbus/TCP protocol.


            Author and article information

            August 2016
            August 2016
            : 42-52
            [ a ]National Research Council of Italy – IEIIT
            [ b ]Politecnico di Torino – IT Division

            c.so Duca degli Abruzzi 24

            I-10129 Torino, Italy
            © Cheminod et al. Published by BCS Learning & Development Ltd. Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            4th International Symposium for ICS & SCADA Cyber Security Research 2016
            Queen’s Belfast University, UK
            23 - 25 August 2016
            Electronic Workshops in Computing (eWiC)
            Cyber Security Research

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/ICS2016.6
            Self URI (journal page): https://ewic.bcs.org/
            Electronic Workshops in Computing

            Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction
            industrial firewalls,cybersecurity,industrial communications,Modbus/TCP,performance measurements


            1. Belden–Hirschmann 2016 Tofino Xenon security appliance ext-link-type="uri" xlink: href="https://www.e-catalog">https://www.e-catalog.beldensolutions.com/link/57078-24455-49853-411807/en/conf/0 Accessed 20 May 2016

            2. et al 2014 Evaluation of communication architectures for switched real-time ethernet IEEE Trans. on Computers 63 1 218 229

            3. et al 2014 Latency evaluation of a firewall for industrial networks based on the tofino industrial security solution Proc. of the 19th IEEE Int. Conf. on Emerging Technology and Factory Automation (ETFA) 1 8

            4. et al 2013 Review of security issues in industrial networks IEEE Trans. Ind. Informat 9 1 277 293

            5. Fortinet 2016 FortiGate/FortiWiFi® 60D Series ext-link-type="uri" xlink: href="https://www.fortinet.com/content/">https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_ FortiWiFi_60D_Series.pdf Accessed 20 May 2016

            6. et al 2003 Benchmarking methodology for firewall performance IETF RFC 3511

            7. iPerf 2016 iPerf - the network bandwidth measurement tool ext-link-type="uri" xlink: href="https://iperf.fr/">https://iperf.fr/ Accessed 20 May 2016

            8. et al 2015 A survey of cyber security management in industrial control systems Int. Journal of Critical Infrastructure Protection 9 52 80

            9. Modbus Organization 2012 Modbus Protocol Specification V1.1b3 ext-link-type="uri" xlink: href="http://www.modbus.org/specs.php">http://www.modbus.org/specs.php Accessed 20 May 2016

            10. Moxa 2016 EDR-810 ext-link-type="uri" xlink: href="http://">http://www.moxa.com/product/EDR-810.htm">www.moxa.com/product/EDR-810.htm Accessed 20 May 2016

            11. 2016 libmodbus ext-link-type="uri" xlink: href="http://libmodbus.org/">http://libmodbus.org/ Accessed 20 May 2016

            12. et al 2015 A scalable and dynamic application-level secure communication framework for inter-cloud services Future Generation Computer Systems 48 19 27

            13. 2014 Next generation firewall comparative analysis security value map ext-link-type="uri" xlink: href="https://www.nsslabs.com/research-advisory/security-value-maps/2014/ngfw-svm-2014/">https://www.nsslabs.com/research-advisory/security-value-maps/2014/ngfw-svm-2014/ Accessed 20 May 2016

            14. Wireshark Foundation 2016 Wireshark – Go deep ext-link-type="uri" xlink: href="http://www.wireshark.org/">http://www.wireshark.org/ Accessed 20 May 2016

            15. et al 2008 Which network measurement tool is right for you? A multidimensional comparison study Proc. of the 9th IEEE/ACM Int. Conf. on Grid Computing (GRID) 266 275


            Comment on this article